CVE-2021-22054

high

VMware ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

93.8%

Exploitation probability in 30 days

Top 0% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: December 17, 2021 (1609 days ago)

Last Modified: March 10, 2026

Vendor: VMware

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-03-09

Remediation Due: 2026-03-23 (⚠ 53d overdue)

Description

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

CWE

CWE-918

Affected Products

vmware workspace one uem console

References

🔗 www.vmware.com 🔗 www.vmware.com 🔗 www.cisa.gov 🔗 www.greynoise.io

CVE-2021-22054

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References